General

  • Target

    aa7d10beedac98b70e2f30634fe74fd471612dbb8c242235bdd5de5d5b71189c

  • Size

    569KB

  • Sample

    241110-eaachasjfm

  • MD5

    2c8ca933c39135595f15b81365c2747f

  • SHA1

    980873ad99aa678329db2b316d5f4707e1867ff4

  • SHA256

    aa7d10beedac98b70e2f30634fe74fd471612dbb8c242235bdd5de5d5b71189c

  • SHA512

    52fc2fdadf7b8f544355a8923e54243c1a8c6eaaf3d5470803c7dc11059c7f2aff4c9f66babb4dc68544aea18bfac8ede4c4fb1e9676c1e78b9433de3b34bf6c

  • SSDEEP

    12288:cMr0y904ahimz7AuxqVufv2t1GWFb2jSrIhc8V5V:QylsVAuxYufvcbgjS8e8B

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Target

      aa7d10beedac98b70e2f30634fe74fd471612dbb8c242235bdd5de5d5b71189c

    • Size

      569KB

    • MD5

      2c8ca933c39135595f15b81365c2747f

    • SHA1

      980873ad99aa678329db2b316d5f4707e1867ff4

    • SHA256

      aa7d10beedac98b70e2f30634fe74fd471612dbb8c242235bdd5de5d5b71189c

    • SHA512

      52fc2fdadf7b8f544355a8923e54243c1a8c6eaaf3d5470803c7dc11059c7f2aff4c9f66babb4dc68544aea18bfac8ede4c4fb1e9676c1e78b9433de3b34bf6c

    • SSDEEP

      12288:cMr0y904ahimz7AuxqVufv2t1GWFb2jSrIhc8V5V:QylsVAuxYufvcbgjS8e8B

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks